Thom Wiggers
30 changed files with 84 additions and 78 deletions
Unified View
Diff Options
-
+2 -1crypto_kem/kyber1024-90s/clean/indcpa.c
-
+1 -1crypto_kem/kyber1024-90s/clean/kem.c
-
+3 -3crypto_kem/kyber1024-90s/clean/poly.c
-
+11 -11crypto_kem/kyber1024-90s/clean/polyvec.c
-
+1 -1crypto_kem/kyber1024-90s/clean/reduce.c
-
+2 -1crypto_kem/kyber1024/clean/indcpa.c
-
+1 -1crypto_kem/kyber1024/clean/kem.c
-
+3 -3crypto_kem/kyber1024/clean/poly.c
-
+11 -11crypto_kem/kyber1024/clean/polyvec.c
-
+1 -1crypto_kem/kyber1024/clean/reduce.c
-
+2 -1crypto_kem/kyber512-90s/clean/indcpa.c
-
+1 -1crypto_kem/kyber512-90s/clean/kem.c
-
+3 -3crypto_kem/kyber512-90s/clean/poly.c
-
+5 -5crypto_kem/kyber512-90s/clean/polyvec.c
-
+1 -1crypto_kem/kyber512-90s/clean/reduce.c
-
+2 -1crypto_kem/kyber512/clean/indcpa.c
-
+1 -1crypto_kem/kyber512/clean/kem.c
-
+3 -3crypto_kem/kyber512/clean/poly.c
-
+5 -5crypto_kem/kyber512/clean/polyvec.c
-
+1 -1crypto_kem/kyber512/clean/reduce.c
-
+2 -1crypto_kem/kyber768-90s/clean/indcpa.c
-
+1 -1crypto_kem/kyber768-90s/clean/kem.c
-
+3 -3crypto_kem/kyber768-90s/clean/poly.c
-
+5 -5crypto_kem/kyber768-90s/clean/polyvec.c
-
+1 -1crypto_kem/kyber768-90s/clean/reduce.c
-
+2 -1crypto_kem/kyber768/clean/indcpa.c
-
+1 -1crypto_kem/kyber768/clean/kem.c
-
+3 -3crypto_kem/kyber768/clean/poly.c
-
+5 -5crypto_kem/kyber768/clean/polyvec.c
-
+1 -1crypto_kem/kyber768/clean/reduce.c
+ 2
- 1
crypto_kem/kyber1024-90s/clean/indcpa.c
View File
| @@ -169,7 +169,8 @@ static unsigned int rej_uniform(int16_t *r, | |||||
| + XOF_BLOCKBYTES)/XOF_BLOCKBYTES) | + XOF_BLOCKBYTES)/XOF_BLOCKBYTES) | ||||
| // Not static for benchmarking | // Not static for benchmarking | ||||
| void PQCLEAN_KYBER102490S_CLEAN_gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYMBYTES], int transposed) { | void PQCLEAN_KYBER102490S_CLEAN_gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYMBYTES], int transposed) { | ||||
| unsigned int ctr = 0, i = 0, j = 0; | |||||
| unsigned int ctr = 0; | |||||
| uint8_t i = 0, j = 0; | |||||
| uint8_t buf[GEN_MATRIX_NBLOCKS * XOF_BLOCKBYTES]; | uint8_t buf[GEN_MATRIX_NBLOCKS * XOF_BLOCKBYTES]; | ||||
| xof_state state; | xof_state state; | ||||
+ 1
- 1
crypto_kem/kyber1024-90s/clean/kem.c
View File
| @@ -117,7 +117,7 @@ int PQCLEAN_KYBER102490S_CLEAN_crypto_kem_dec(unsigned char *ss, | |||||
| hash_h(kr + KYBER_SYMBYTES, ct, KYBER_CIPHERTEXTBYTES); | hash_h(kr + KYBER_SYMBYTES, ct, KYBER_CIPHERTEXTBYTES); | ||||
| /* Overwrite pre-k with z on re-encryption failure */ | /* Overwrite pre-k with z on re-encryption failure */ | ||||
| PQCLEAN_KYBER102490S_CLEAN_cmov(kr, sk + KYBER_SECRETKEYBYTES - KYBER_SYMBYTES, KYBER_SYMBYTES, fail); | |||||
| PQCLEAN_KYBER102490S_CLEAN_cmov(kr, sk + KYBER_SECRETKEYBYTES - KYBER_SYMBYTES, KYBER_SYMBYTES, (uint8_t)fail); | |||||
| /* hash concatenation of pre-k and H(c) to k */ | /* hash concatenation of pre-k and H(c) to k */ | ||||
| kdf(ss, kr, 2 * KYBER_SYMBYTES); | kdf(ss, kr, 2 * KYBER_SYMBYTES); | ||||
+ 3
- 3
crypto_kem/kyber1024-90s/clean/poly.c
View File
| @@ -85,9 +85,9 @@ void PQCLEAN_KYBER102490S_CLEAN_poly_tobytes(uint8_t r[KYBER_POLYBYTES], poly *a | |||||
| for (i = 0; i < KYBER_N / 2; i++) { | for (i = 0; i < KYBER_N / 2; i++) { | ||||
| t0 = a->coeffs[2 * i]; | t0 = a->coeffs[2 * i]; | ||||
| t1 = a->coeffs[2 * i + 1]; | t1 = a->coeffs[2 * i + 1]; | ||||
| r[3 * i + 0] = (t0 >> 0); | |||||
| r[3 * i + 1] = (t0 >> 8) | (t1 << 4); | |||||
| r[3 * i + 2] = (t1 >> 4); | |||||
| r[3 * i + 0] = (uint8_t)(t0 >> 0); | |||||
| r[3 * i + 1] = (uint8_t)((t0 >> 8) | (t1 << 4)); | |||||
| r[3 * i + 2] = (uint8_t)(t1 >> 4); | |||||
| } | } | ||||
| } | } | ||||
+ 11
- 11
crypto_kem/kyber1024-90s/clean/polyvec.c
View File
| @@ -27,17 +27,17 @@ void PQCLEAN_KYBER102490S_CLEAN_polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESS | |||||
| } | } | ||||
| } | } | ||||
| r[ 0] = (t[0] >> 0); | |||||
| r[ 1] = (t[0] >> 8) | (t[1] << 3); | |||||
| r[ 2] = (t[1] >> 5) | (t[2] << 6); | |||||
| r[ 3] = (t[2] >> 2); | |||||
| r[ 4] = (t[2] >> 10) | (t[3] << 1); | |||||
| r[ 5] = (t[3] >> 7) | (t[4] << 4); | |||||
| r[ 6] = (t[4] >> 4) | (t[5] << 7); | |||||
| r[ 7] = (t[5] >> 1); | |||||
| r[ 8] = (t[5] >> 9) | (t[6] << 2); | |||||
| r[ 9] = (t[6] >> 6) | (t[7] << 5); | |||||
| r[10] = (t[7] >> 3); | |||||
| r[ 0] = (uint8_t)(t[0] >> 0); | |||||
| r[ 1] = (uint8_t)((t[0] >> 8) | (t[1] << 3)); | |||||
| r[ 2] = (uint8_t)((t[1] >> 5) | (t[2] << 6)); | |||||
| r[ 3] = (uint8_t)(t[2] >> 2); | |||||
| r[ 4] = (uint8_t)((t[2] >> 10) | (t[3] << 1)); | |||||
| r[ 5] = (uint8_t)((t[3] >> 7) | (t[4] << 4)); | |||||
| r[ 6] = (uint8_t)((t[4] >> 4) | (t[5] << 7)); | |||||
| r[ 7] = (uint8_t)(t[5] >> 1); | |||||
| r[ 8] = (uint8_t)((t[5] >> 9) | (t[6] << 2)); | |||||
| r[ 9] = (uint8_t)((t[6] >> 6) | (t[7] << 5)); | |||||
| r[10] = (uint8_t)(t[7] >> 3); | |||||
| r += 11; | r += 11; | ||||
| } | } | ||||
| } | } | ||||
+ 1
- 1
crypto_kem/kyber1024-90s/clean/reduce.c
View File
| @@ -22,7 +22,7 @@ int16_t PQCLEAN_KYBER102490S_CLEAN_montgomery_reduce(int32_t a) { | |||||
| t = (int32_t)u * KYBER_Q; | t = (int32_t)u * KYBER_Q; | ||||
| t = a - t; | t = a - t; | ||||
| t >>= 16; | t >>= 16; | ||||
| return t; | |||||
| return (int16_t)t; | |||||
| } | } | ||||
| /************************************************* | /************************************************* | ||||
+ 2
- 1
crypto_kem/kyber1024/clean/indcpa.c
View File
| @@ -169,7 +169,8 @@ static unsigned int rej_uniform(int16_t *r, | |||||
| + XOF_BLOCKBYTES)/XOF_BLOCKBYTES) | + XOF_BLOCKBYTES)/XOF_BLOCKBYTES) | ||||
| // Not static for benchmarking | // Not static for benchmarking | ||||
| void PQCLEAN_KYBER1024_CLEAN_gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYMBYTES], int transposed) { | void PQCLEAN_KYBER1024_CLEAN_gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYMBYTES], int transposed) { | ||||
| unsigned int ctr = 0, i = 0, j = 0; | |||||
| unsigned int ctr = 0; | |||||
| uint8_t i = 0, j = 0; | |||||
| uint8_t buf[GEN_MATRIX_NBLOCKS * XOF_BLOCKBYTES]; | uint8_t buf[GEN_MATRIX_NBLOCKS * XOF_BLOCKBYTES]; | ||||
| xof_state state; | xof_state state; | ||||
+ 1
- 1
crypto_kem/kyber1024/clean/kem.c
View File
| @@ -117,7 +117,7 @@ int PQCLEAN_KYBER1024_CLEAN_crypto_kem_dec(unsigned char *ss, | |||||
| hash_h(kr + KYBER_SYMBYTES, ct, KYBER_CIPHERTEXTBYTES); | hash_h(kr + KYBER_SYMBYTES, ct, KYBER_CIPHERTEXTBYTES); | ||||
| /* Overwrite pre-k with z on re-encryption failure */ | /* Overwrite pre-k with z on re-encryption failure */ | ||||
| PQCLEAN_KYBER1024_CLEAN_cmov(kr, sk + KYBER_SECRETKEYBYTES - KYBER_SYMBYTES, KYBER_SYMBYTES, fail); | |||||
| PQCLEAN_KYBER1024_CLEAN_cmov(kr, sk + KYBER_SECRETKEYBYTES - KYBER_SYMBYTES, KYBER_SYMBYTES, (uint8_t)fail); | |||||
| /* hash concatenation of pre-k and H(c) to k */ | /* hash concatenation of pre-k and H(c) to k */ | ||||
| kdf(ss, kr, 2 * KYBER_SYMBYTES); | kdf(ss, kr, 2 * KYBER_SYMBYTES); | ||||
+ 3
- 3
crypto_kem/kyber1024/clean/poly.c
View File
| @@ -85,9 +85,9 @@ void PQCLEAN_KYBER1024_CLEAN_poly_tobytes(uint8_t r[KYBER_POLYBYTES], poly *a) { | |||||
| for (i = 0; i < KYBER_N / 2; i++) { | for (i = 0; i < KYBER_N / 2; i++) { | ||||
| t0 = a->coeffs[2 * i]; | t0 = a->coeffs[2 * i]; | ||||
| t1 = a->coeffs[2 * i + 1]; | t1 = a->coeffs[2 * i + 1]; | ||||
| r[3 * i + 0] = (t0 >> 0); | |||||
| r[3 * i + 1] = (t0 >> 8) | (t1 << 4); | |||||
| r[3 * i + 2] = (t1 >> 4); | |||||
| r[3 * i + 0] = (uint8_t)(t0 >> 0); | |||||
| r[3 * i + 1] = (uint8_t)((t0 >> 8) | (t1 << 4)); | |||||
| r[3 * i + 2] = (uint8_t)(t1 >> 4); | |||||
| } | } | ||||
| } | } | ||||
+ 11
- 11
crypto_kem/kyber1024/clean/polyvec.c
View File
| @@ -27,17 +27,17 @@ void PQCLEAN_KYBER1024_CLEAN_polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDB | |||||
| } | } | ||||
| } | } | ||||
| r[ 0] = (t[0] >> 0); | |||||
| r[ 1] = (t[0] >> 8) | (t[1] << 3); | |||||
| r[ 2] = (t[1] >> 5) | (t[2] << 6); | |||||
| r[ 3] = (t[2] >> 2); | |||||
| r[ 4] = (t[2] >> 10) | (t[3] << 1); | |||||
| r[ 5] = (t[3] >> 7) | (t[4] << 4); | |||||
| r[ 6] = (t[4] >> 4) | (t[5] << 7); | |||||
| r[ 7] = (t[5] >> 1); | |||||
| r[ 8] = (t[5] >> 9) | (t[6] << 2); | |||||
| r[ 9] = (t[6] >> 6) | (t[7] << 5); | |||||
| r[10] = (t[7] >> 3); | |||||
| r[ 0] = (uint8_t)(t[0] >> 0); | |||||
| r[ 1] = (uint8_t)((t[0] >> 8) | (t[1] << 3)); | |||||
| r[ 2] = (uint8_t)((t[1] >> 5) | (t[2] << 6)); | |||||
| r[ 3] = (uint8_t)(t[2] >> 2); | |||||
| r[ 4] = (uint8_t)((t[2] >> 10) | (t[3] << 1)); | |||||
| r[ 5] = (uint8_t)((t[3] >> 7) | (t[4] << 4)); | |||||
| r[ 6] = (uint8_t)((t[4] >> 4) | (t[5] << 7)); | |||||
| r[ 7] = (uint8_t)(t[5] >> 1); | |||||
| r[ 8] = (uint8_t)((t[5] >> 9) | (t[6] << 2)); | |||||
| r[ 9] = (uint8_t)((t[6] >> 6) | (t[7] << 5)); | |||||
| r[10] = (uint8_t)(t[7] >> 3); | |||||
| r += 11; | r += 11; | ||||
| } | } | ||||
| } | } | ||||
+ 1
- 1
crypto_kem/kyber1024/clean/reduce.c
View File
| @@ -22,7 +22,7 @@ int16_t PQCLEAN_KYBER1024_CLEAN_montgomery_reduce(int32_t a) { | |||||
| t = (int32_t)u * KYBER_Q; | t = (int32_t)u * KYBER_Q; | ||||
| t = a - t; | t = a - t; | ||||
| t >>= 16; | t >>= 16; | ||||
| return t; | |||||
| return (int16_t)t; | |||||
| } | } | ||||
| /************************************************* | /************************************************* | ||||
+ 2
- 1
crypto_kem/kyber512-90s/clean/indcpa.c
View File
| @@ -169,7 +169,8 @@ static unsigned int rej_uniform(int16_t *r, | |||||
| + XOF_BLOCKBYTES)/XOF_BLOCKBYTES) | + XOF_BLOCKBYTES)/XOF_BLOCKBYTES) | ||||
| // Not static for benchmarking | // Not static for benchmarking | ||||
| void PQCLEAN_KYBER51290S_CLEAN_gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYMBYTES], int transposed) { | void PQCLEAN_KYBER51290S_CLEAN_gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYMBYTES], int transposed) { | ||||
| unsigned int ctr = 0, i = 0, j = 0; | |||||
| unsigned int ctr = 0; | |||||
| uint8_t i = 0, j = 0; | |||||
| uint8_t buf[GEN_MATRIX_NBLOCKS * XOF_BLOCKBYTES]; | uint8_t buf[GEN_MATRIX_NBLOCKS * XOF_BLOCKBYTES]; | ||||
| xof_state state; | xof_state state; | ||||
+ 1
- 1
crypto_kem/kyber512-90s/clean/kem.c
View File
| @@ -117,7 +117,7 @@ int PQCLEAN_KYBER51290S_CLEAN_crypto_kem_dec(unsigned char *ss, | |||||
| hash_h(kr + KYBER_SYMBYTES, ct, KYBER_CIPHERTEXTBYTES); | hash_h(kr + KYBER_SYMBYTES, ct, KYBER_CIPHERTEXTBYTES); | ||||
| /* Overwrite pre-k with z on re-encryption failure */ | /* Overwrite pre-k with z on re-encryption failure */ | ||||
| PQCLEAN_KYBER51290S_CLEAN_cmov(kr, sk + KYBER_SECRETKEYBYTES - KYBER_SYMBYTES, KYBER_SYMBYTES, fail); | |||||
| PQCLEAN_KYBER51290S_CLEAN_cmov(kr, sk + KYBER_SECRETKEYBYTES - KYBER_SYMBYTES, KYBER_SYMBYTES, (uint8_t)fail); | |||||
| /* hash concatenation of pre-k and H(c) to k */ | /* hash concatenation of pre-k and H(c) to k */ | ||||
| kdf(ss, kr, 2 * KYBER_SYMBYTES); | kdf(ss, kr, 2 * KYBER_SYMBYTES); | ||||
+ 3
- 3
crypto_kem/kyber512-90s/clean/poly.c
View File
| @@ -83,9 +83,9 @@ void PQCLEAN_KYBER51290S_CLEAN_poly_tobytes(uint8_t r[KYBER_POLYBYTES], poly *a) | |||||
| for (i = 0; i < KYBER_N / 2; i++) { | for (i = 0; i < KYBER_N / 2; i++) { | ||||
| t0 = a->coeffs[2 * i]; | t0 = a->coeffs[2 * i]; | ||||
| t1 = a->coeffs[2 * i + 1]; | t1 = a->coeffs[2 * i + 1]; | ||||
| r[3 * i + 0] = (t0 >> 0); | |||||
| r[3 * i + 1] = (t0 >> 8) | (t1 << 4); | |||||
| r[3 * i + 2] = (t1 >> 4); | |||||
| r[3 * i + 0] = (uint8_t)(t0 >> 0); | |||||
| r[3 * i + 1] = (uint8_t)((t0 >> 8) | (t1 << 4)); | |||||
| r[3 * i + 2] = (uint8_t)(t1 >> 4); | |||||
| } | } | ||||
| } | } | ||||
+ 5
- 5
crypto_kem/kyber512-90s/clean/polyvec.c
View File
| @@ -27,11 +27,11 @@ void PQCLEAN_KYBER51290S_CLEAN_polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSE | |||||
| } | } | ||||
| } | } | ||||
| r[0] = (t[0] >> 0); | |||||
| r[1] = (t[0] >> 8) | (t[1] << 2); | |||||
| r[2] = (t[1] >> 6) | (t[2] << 4); | |||||
| r[3] = (t[2] >> 4) | (t[3] << 6); | |||||
| r[4] = (t[3] >> 2); | |||||
| r[0] = (uint8_t)(t[0] >> 0); | |||||
| r[1] = (uint8_t)((t[0] >> 8) | (t[1] << 2)); | |||||
| r[2] = (uint8_t)((t[1] >> 6) | (t[2] << 4)); | |||||
| r[3] = (uint8_t)((t[2] >> 4) | (t[3] << 6)); | |||||
| r[4] = (uint8_t)(t[3] >> 2); | |||||
| r += 5; | r += 5; | ||||
| } | } | ||||
| } | } | ||||
+ 1
- 1
crypto_kem/kyber512-90s/clean/reduce.c
View File
| @@ -22,7 +22,7 @@ int16_t PQCLEAN_KYBER51290S_CLEAN_montgomery_reduce(int32_t a) { | |||||
| t = (int32_t)u * KYBER_Q; | t = (int32_t)u * KYBER_Q; | ||||
| t = a - t; | t = a - t; | ||||
| t >>= 16; | t >>= 16; | ||||
| return t; | |||||
| return (int16_t)t; | |||||
| } | } | ||||
| /************************************************* | /************************************************* | ||||
+ 2
- 1
crypto_kem/kyber512/clean/indcpa.c
View File
| @@ -169,7 +169,8 @@ static unsigned int rej_uniform(int16_t *r, | |||||
| + XOF_BLOCKBYTES)/XOF_BLOCKBYTES) | + XOF_BLOCKBYTES)/XOF_BLOCKBYTES) | ||||
| // Not static for benchmarking | // Not static for benchmarking | ||||
| void PQCLEAN_KYBER512_CLEAN_gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYMBYTES], int transposed) { | void PQCLEAN_KYBER512_CLEAN_gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYMBYTES], int transposed) { | ||||
| unsigned int ctr = 0, i = 0, j = 0; | |||||
| unsigned int ctr = 0; | |||||
| uint8_t i = 0, j = 0; | |||||
| uint8_t buf[GEN_MATRIX_NBLOCKS * XOF_BLOCKBYTES]; | uint8_t buf[GEN_MATRIX_NBLOCKS * XOF_BLOCKBYTES]; | ||||
| xof_state state; | xof_state state; | ||||
+ 1
- 1
crypto_kem/kyber512/clean/kem.c
View File
| @@ -117,7 +117,7 @@ int PQCLEAN_KYBER512_CLEAN_crypto_kem_dec(unsigned char *ss, | |||||
| hash_h(kr + KYBER_SYMBYTES, ct, KYBER_CIPHERTEXTBYTES); | hash_h(kr + KYBER_SYMBYTES, ct, KYBER_CIPHERTEXTBYTES); | ||||
| /* Overwrite pre-k with z on re-encryption failure */ | /* Overwrite pre-k with z on re-encryption failure */ | ||||
| PQCLEAN_KYBER512_CLEAN_cmov(kr, sk + KYBER_SECRETKEYBYTES - KYBER_SYMBYTES, KYBER_SYMBYTES, fail); | |||||
| PQCLEAN_KYBER512_CLEAN_cmov(kr, sk + KYBER_SECRETKEYBYTES - KYBER_SYMBYTES, KYBER_SYMBYTES, (uint8_t)fail); | |||||
| /* hash concatenation of pre-k and H(c) to k */ | /* hash concatenation of pre-k and H(c) to k */ | ||||
| kdf(ss, kr, 2 * KYBER_SYMBYTES); | kdf(ss, kr, 2 * KYBER_SYMBYTES); | ||||
+ 3
- 3
crypto_kem/kyber512/clean/poly.c
View File
| @@ -83,9 +83,9 @@ void PQCLEAN_KYBER512_CLEAN_poly_tobytes(uint8_t r[KYBER_POLYBYTES], poly *a) { | |||||
| for (i = 0; i < KYBER_N / 2; i++) { | for (i = 0; i < KYBER_N / 2; i++) { | ||||
| t0 = a->coeffs[2 * i]; | t0 = a->coeffs[2 * i]; | ||||
| t1 = a->coeffs[2 * i + 1]; | t1 = a->coeffs[2 * i + 1]; | ||||
| r[3 * i + 0] = (t0 >> 0); | |||||
| r[3 * i + 1] = (t0 >> 8) | (t1 << 4); | |||||
| r[3 * i + 2] = (t1 >> 4); | |||||
| r[3 * i + 0] = (uint8_t)(t0 >> 0); | |||||
| r[3 * i + 1] = (uint8_t)((t0 >> 8) | (t1 << 4)); | |||||
| r[3 * i + 2] = (uint8_t)(t1 >> 4); | |||||
| } | } | ||||
| } | } | ||||
+ 5
- 5
crypto_kem/kyber512/clean/polyvec.c
View File
| @@ -27,11 +27,11 @@ void PQCLEAN_KYBER512_CLEAN_polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBY | |||||
| } | } | ||||
| } | } | ||||
| r[0] = (t[0] >> 0); | |||||
| r[1] = (t[0] >> 8) | (t[1] << 2); | |||||
| r[2] = (t[1] >> 6) | (t[2] << 4); | |||||
| r[3] = (t[2] >> 4) | (t[3] << 6); | |||||
| r[4] = (t[3] >> 2); | |||||
| r[0] = (uint8_t)(t[0] >> 0); | |||||
| r[1] = (uint8_t)((t[0] >> 8) | (t[1] << 2)); | |||||
| r[2] = (uint8_t)((t[1] >> 6) | (t[2] << 4)); | |||||
| r[3] = (uint8_t)((t[2] >> 4) | (t[3] << 6)); | |||||
| r[4] = (uint8_t)(t[3] >> 2); | |||||
| r += 5; | r += 5; | ||||
| } | } | ||||
| } | } | ||||
+ 1
- 1
crypto_kem/kyber512/clean/reduce.c
View File
| @@ -22,7 +22,7 @@ int16_t PQCLEAN_KYBER512_CLEAN_montgomery_reduce(int32_t a) { | |||||
| t = (int32_t)u * KYBER_Q; | t = (int32_t)u * KYBER_Q; | ||||
| t = a - t; | t = a - t; | ||||
| t >>= 16; | t >>= 16; | ||||
| return t; | |||||
| return (int16_t)t; | |||||
| } | } | ||||
| /************************************************* | /************************************************* | ||||
+ 2
- 1
crypto_kem/kyber768-90s/clean/indcpa.c
View File
| @@ -169,7 +169,8 @@ static unsigned int rej_uniform(int16_t *r, | |||||
| + XOF_BLOCKBYTES)/XOF_BLOCKBYTES) | + XOF_BLOCKBYTES)/XOF_BLOCKBYTES) | ||||
| // Not static for benchmarking | // Not static for benchmarking | ||||
| void PQCLEAN_KYBER76890S_CLEAN_gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYMBYTES], int transposed) { | void PQCLEAN_KYBER76890S_CLEAN_gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYMBYTES], int transposed) { | ||||
| unsigned int ctr = 0, i = 0, j = 0; | |||||
| unsigned int ctr = 0; | |||||
| uint8_t i = 0, j = 0; | |||||
| uint8_t buf[GEN_MATRIX_NBLOCKS * XOF_BLOCKBYTES]; | uint8_t buf[GEN_MATRIX_NBLOCKS * XOF_BLOCKBYTES]; | ||||
| xof_state state; | xof_state state; | ||||
+ 1
- 1
crypto_kem/kyber768-90s/clean/kem.c
View File
| @@ -117,7 +117,7 @@ int PQCLEAN_KYBER76890S_CLEAN_crypto_kem_dec(unsigned char *ss, | |||||
| hash_h(kr + KYBER_SYMBYTES, ct, KYBER_CIPHERTEXTBYTES); | hash_h(kr + KYBER_SYMBYTES, ct, KYBER_CIPHERTEXTBYTES); | ||||
| /* Overwrite pre-k with z on re-encryption failure */ | /* Overwrite pre-k with z on re-encryption failure */ | ||||
| PQCLEAN_KYBER76890S_CLEAN_cmov(kr, sk + KYBER_SECRETKEYBYTES - KYBER_SYMBYTES, KYBER_SYMBYTES, fail); | |||||
| PQCLEAN_KYBER76890S_CLEAN_cmov(kr, sk + KYBER_SECRETKEYBYTES - KYBER_SYMBYTES, KYBER_SYMBYTES, (uint8_t)fail); | |||||
| /* hash concatenation of pre-k and H(c) to k */ | /* hash concatenation of pre-k and H(c) to k */ | ||||
| kdf(ss, kr, 2 * KYBER_SYMBYTES); | kdf(ss, kr, 2 * KYBER_SYMBYTES); | ||||
+ 3
- 3
crypto_kem/kyber768-90s/clean/poly.c
View File
| @@ -72,9 +72,9 @@ void PQCLEAN_KYBER76890S_CLEAN_poly_tobytes(uint8_t r[KYBER_POLYBYTES], poly *a) | |||||
| for (i = 0; i < KYBER_N / 2; i++) { | for (i = 0; i < KYBER_N / 2; i++) { | ||||
| t0 = a->coeffs[2 * i]; | t0 = a->coeffs[2 * i]; | ||||
| t1 = a->coeffs[2 * i + 1]; | t1 = a->coeffs[2 * i + 1]; | ||||
| r[3 * i + 0] = (t0 >> 0); | |||||
| r[3 * i + 1] = (t0 >> 8) | (t1 << 4); | |||||
| r[3 * i + 2] = (t1 >> 4); | |||||
| r[3 * i + 0] = (uint8_t)(t0 >> 0); | |||||
| r[3 * i + 1] = (uint8_t)((t0 >> 8) | (t1 << 4)); | |||||
| r[3 * i + 2] = (uint8_t)(t1 >> 4); | |||||
| } | } | ||||
| } | } | ||||
+ 5
- 5
crypto_kem/kyber768-90s/clean/polyvec.c
View File
| @@ -27,11 +27,11 @@ void PQCLEAN_KYBER76890S_CLEAN_polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSE | |||||
| } | } | ||||
| } | } | ||||
| r[0] = (t[0] >> 0); | |||||
| r[1] = (t[0] >> 8) | (t[1] << 2); | |||||
| r[2] = (t[1] >> 6) | (t[2] << 4); | |||||
| r[3] = (t[2] >> 4) | (t[3] << 6); | |||||
| r[4] = (t[3] >> 2); | |||||
| r[0] = (uint8_t)(t[0] >> 0); | |||||
| r[1] = (uint8_t)((t[0] >> 8) | (t[1] << 2)); | |||||
| r[2] = (uint8_t)((t[1] >> 6) | (t[2] << 4)); | |||||
| r[3] = (uint8_t)((t[2] >> 4) | (t[3] << 6)); | |||||
| r[4] = (uint8_t)(t[3] >> 2); | |||||
| r += 5; | r += 5; | ||||
| } | } | ||||
| } | } | ||||
+ 1
- 1
crypto_kem/kyber768-90s/clean/reduce.c
View File
| @@ -22,7 +22,7 @@ int16_t PQCLEAN_KYBER76890S_CLEAN_montgomery_reduce(int32_t a) { | |||||
| t = (int32_t)u * KYBER_Q; | t = (int32_t)u * KYBER_Q; | ||||
| t = a - t; | t = a - t; | ||||
| t >>= 16; | t >>= 16; | ||||
| return t; | |||||
| return (int16_t)t; | |||||
| } | } | ||||
| /************************************************* | /************************************************* | ||||
+ 2
- 1
crypto_kem/kyber768/clean/indcpa.c
View File
| @@ -169,7 +169,8 @@ static unsigned int rej_uniform(int16_t *r, | |||||
| + XOF_BLOCKBYTES)/XOF_BLOCKBYTES) | + XOF_BLOCKBYTES)/XOF_BLOCKBYTES) | ||||
| // Not static for benchmarking | // Not static for benchmarking | ||||
| void PQCLEAN_KYBER768_CLEAN_gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYMBYTES], int transposed) { | void PQCLEAN_KYBER768_CLEAN_gen_matrix(polyvec *a, const uint8_t seed[KYBER_SYMBYTES], int transposed) { | ||||
| unsigned int ctr = 0, i = 0, j = 0; | |||||
| unsigned int ctr = 0; | |||||
| uint8_t i = 0, j = 0; | |||||
| uint8_t buf[GEN_MATRIX_NBLOCKS * XOF_BLOCKBYTES]; | uint8_t buf[GEN_MATRIX_NBLOCKS * XOF_BLOCKBYTES]; | ||||
| xof_state state; | xof_state state; | ||||
+ 1
- 1
crypto_kem/kyber768/clean/kem.c
View File
| @@ -117,7 +117,7 @@ int PQCLEAN_KYBER768_CLEAN_crypto_kem_dec(unsigned char *ss, | |||||
| hash_h(kr + KYBER_SYMBYTES, ct, KYBER_CIPHERTEXTBYTES); | hash_h(kr + KYBER_SYMBYTES, ct, KYBER_CIPHERTEXTBYTES); | ||||
| /* Overwrite pre-k with z on re-encryption failure */ | /* Overwrite pre-k with z on re-encryption failure */ | ||||
| PQCLEAN_KYBER768_CLEAN_cmov(kr, sk + KYBER_SECRETKEYBYTES - KYBER_SYMBYTES, KYBER_SYMBYTES, fail); | |||||
| PQCLEAN_KYBER768_CLEAN_cmov(kr, sk + KYBER_SECRETKEYBYTES - KYBER_SYMBYTES, KYBER_SYMBYTES, (uint8_t)fail); | |||||
| /* hash concatenation of pre-k and H(c) to k */ | /* hash concatenation of pre-k and H(c) to k */ | ||||
| kdf(ss, kr, 2 * KYBER_SYMBYTES); | kdf(ss, kr, 2 * KYBER_SYMBYTES); | ||||
+ 3
- 3
crypto_kem/kyber768/clean/poly.c
View File
| @@ -72,9 +72,9 @@ void PQCLEAN_KYBER768_CLEAN_poly_tobytes(uint8_t r[KYBER_POLYBYTES], poly *a) { | |||||
| for (i = 0; i < KYBER_N / 2; i++) { | for (i = 0; i < KYBER_N / 2; i++) { | ||||
| t0 = a->coeffs[2 * i]; | t0 = a->coeffs[2 * i]; | ||||
| t1 = a->coeffs[2 * i + 1]; | t1 = a->coeffs[2 * i + 1]; | ||||
| r[3 * i + 0] = (t0 >> 0); | |||||
| r[3 * i + 1] = (t0 >> 8) | (t1 << 4); | |||||
| r[3 * i + 2] = (t1 >> 4); | |||||
| r[3 * i + 0] = (uint8_t)(t0 >> 0); | |||||
| r[3 * i + 1] = (uint8_t)((t0 >> 8) | (t1 << 4)); | |||||
| r[3 * i + 2] = (uint8_t)(t1 >> 4); | |||||
| } | } | ||||
| } | } | ||||
+ 5
- 5
crypto_kem/kyber768/clean/polyvec.c
View File
| @@ -27,11 +27,11 @@ void PQCLEAN_KYBER768_CLEAN_polyvec_compress(uint8_t r[KYBER_POLYVECCOMPRESSEDBY | |||||
| } | } | ||||
| } | } | ||||
| r[0] = (t[0] >> 0); | |||||
| r[1] = (t[0] >> 8) | (t[1] << 2); | |||||
| r[2] = (t[1] >> 6) | (t[2] << 4); | |||||
| r[3] = (t[2] >> 4) | (t[3] << 6); | |||||
| r[4] = (t[3] >> 2); | |||||
| r[0] = (uint8_t)(t[0] >> 0); | |||||
| r[1] = (uint8_t)((t[0] >> 8) | (t[1] << 2)); | |||||
| r[2] = (uint8_t)((t[1] >> 6) | (t[2] << 4)); | |||||
| r[3] = (uint8_t)((t[2] >> 4) | (t[3] << 6)); | |||||
| r[4] = (uint8_t)(t[3] >> 2); | |||||
| r += 5; | r += 5; | ||||
| } | } | ||||
| } | } | ||||
+ 1
- 1
crypto_kem/kyber768/clean/reduce.c
View File
| @@ -22,7 +22,7 @@ int16_t PQCLEAN_KYBER768_CLEAN_montgomery_reduce(int32_t a) { | |||||
| t = (int32_t)u * KYBER_Q; | t = (int32_t)u * KYBER_Q; | ||||
| t = a - t; | t = a - t; | ||||
| t >>= 16; | t >>= 16; | ||||
| return t; | |||||
| return (int16_t)t; | |||||
| } | } | ||||
| /************************************************* | /************************************************* | ||||